XDR Explained In 300 Words
XDR is the rising star of new acronyms, but everyone wants you to read a 1,000+ word blog to understand its value. Let’s try to do it in about 300 words.
The X means extending DRs (detection and response systems) to cover your entire attack surface, not just a portion of it. Hackers know that security operations are built on siloed tools that create blind spots. Hackers not only attack those blind spots, they also attack several parts of your environment at the same time to overwhelm your security team and their current tools.
When your team is faced with thousands of alerts at once, it is difficult for anyone to know where to start. That confusion creates the opening for the attackers. XDR uses machine learning to correlate disparate alerts into events to close this gap. The events are scored and prioritized as incidents before they are presented in a simple-to-understand format that highlights the shortest path to remediation.
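As an added illustration (not code from this post or from Stellar Cyber), here is a minimal version of that correlation step: constructed alerts from endpoint, network, identity and SIEM tools are grouped by the entity they share within a time window, scored, and ranked as incidents. The scoring rule is a hand-written stand-in for the machine learning the post mentions; the alert fields, sources and hostnames are all made up for the example.

```python
from collections import defaultdict

# Constructed sample alerts from siloed tools (placeholder data, not from any product).
ALERTS = [
    {"id": 1, "ts": 100, "source": "EDR", "entity": "host-17", "severity": 6, "name": "suspicious PowerShell"},
    {"id": 2, "ts": 400, "source": "NDR", "entity": "host-17", "severity": 5, "name": "beaconing to rare domain"},
    {"id": 3, "ts": 900, "source": "IAM", "entity": "host-17", "severity": 4, "name": "new admin logon"},
    {"id": 4, "ts": 200, "source": "EDR", "entity": "host-42", "severity": 7, "name": "unsigned driver load"},
    {"id": 5, "ts": 50000, "source": "EDR", "entity": "host-42", "severity": 3, "name": "new scheduled task"},
    {"id": 6, "ts": 300, "source": "SIEM", "entity": "host-99", "severity": 2, "name": "failed logon"},
    {"id": 7, "ts": 350, "source": "SIEM", "entity": "host-99", "severity": 2, "name": "failed logon"},
]

def correlate(alerts, window=3600):
    """Group alerts sharing an entity (host, user, ...) into events; start a new
    event when consecutive alerts are more than `window` seconds apart."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_entity[a["entity"]].append(a)
    events = []
    for group in by_entity.values():
        current = [group[0]]
        for a in group[1:]:
            if a["ts"] - current[-1]["ts"] > window:
                events.append(current)
                current = []
            current.append(a)
        events.append(current)
    return events

def score(event):
    """Highest severity in the event plus a bonus for each additional independent
    tool that saw the same entity: endpoint + network + identity signals together
    outrank one loud alert from a single silo."""
    sources = {a["source"] for a in event}
    return max(a["severity"] for a in event) + 2 * (len(sources) - 1)

def prioritize(alerts, window=3600):
    """Turn raw alerts into a ranked list of incidents (highest score first)."""
    incidents = [
        {"entity": ev[0]["entity"], "score": score(ev),
         "sources": sorted({a["source"] for a in ev}),
         "alert_ids": [a["id"] for a in ev]}
        for ev in correlate(alerts, window)
    ]
    return sorted(incidents, key=lambda i: i["score"], reverse=True)
```

Run `prioritize(ALERTS)`: host-17 ranks first (score 10) because three separate tools corroborate it, ahead of host-42's single higher-severity EDR alert (score 7), which is the cross-silo effect the paragraph above describes.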
Currently, there are five different approaches to XDR, and this is why you’re seeing so much ‘marketing’ going on from these camps:
- EDRs are making the move to XDR, calling it eXtended detection and response. They are extending the EDR from its original focus on the endpoint to cover a broader piece of your attack surface.
- Some NDRs are making the move to XDR as well. They follow a similar path, extending detections from their original focus on packets to cover a broader piece of your attack surface.
- SOARs are adding data lakes or logs to their story to help add detections to a response-only platform.
- SIEMs are adding response and better ways to data-mine their data lakes, looking for these signal patterns to correlate and respond.
- And pure-play XDR startups are building companies from the ground up to fulfill the promise of both broad and deep detections, with response, across the entire attack surface.
To summarize, XDR is about the big picture: finding the needles in the haystack quickly (not creating more hay!) and responding quickly and accurately.
At Stellar Cyber, we think X means everything: regardless of where you are coming from and which existing tools you use, and regardless of where you want to go in terms of security maturity. Contact me for a lively discussion: firstname.lastname@example.org
Brian Stoner is VP of service providers at Stellar Cyber, which develops a next-gen security operations platform that provides high-speed, high-fidelity threat detection and response across the entire attack surface.